Web pages opening by themselves
Solved/Closed
38 replies
Anonymous user
19 March 2009 at 18:54
reopen HijackThis
run "scan only"
tick these lines, on their left:
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing
tick them and click "fix checked"
and close the program.
then:
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
/!\ Disconnect and close all running applications
- Double-click the installer and install it in its default location (C:\Program files)
- Double-click the Ad-remover icon located on your desktop
- In the main menu, choose the "Recherche" (Search) option
- Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall).
fiat500
Posts: 2621
Registration date: Friday 30 May 2008
Status: Member
Last activity: 25 March 2009
82
19 March 2009 at 18:55
good evening
do this
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
fiat500
19 March 2009 at 19:05
yes
Anonymous user
19 March 2009 at 20:20
/!\ Disconnect and close all running applications /!\
Double-click AD-Remover to launch it: in the main menu, choose option B.
Choose A
Then choose S; the program will start working.
Post the report that appears at the end.
(The report is also saved as C:\Ad-report.log)
/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "Fichier" (File) tab, "Nouvelle tâche" (New Task), type explorer.exe and confirm /!\
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...)
Re,
------- LOGFILE OF AD-REMOVER 1.1.1.9 | ONLY XP/VISTA -------
Updated by C_XX on 18/03/2009 at 21:20 - AdRemover.contact@gmail.com
**** LIMITED TO ****
Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim
Other Adwares
********************
Start at: 20:26:48, Jeu 19/03/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: PELLUET-284E21D
Current User: Bruno - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 46
(!) ---- IE start pages/Tabs reset
+-----------------| Boonty/Boonty Games Elements Deleted :
.
.
+-----------------| Eorezo Elements Deleted :
.
+-----------------| Infected Poker Softwares Elements Deleted :
HKCU\Software\PartyGaming
.
C:\Program Files\PartyGaming
+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Deleted :
.
.
+-----------------| It's TV Elements Deleted :
.
+-----------------| Sweetim Elements Deleted :
.
============ Other Adwares Deleted ============
.
HKCR\AppID\ShoppingAdsHelper.DLL
HKCR\AppID\{647D5A4E-78B5-53ED-7E75-1940D1DFFEA4}
HKCR\CLSID\{AF56FD81-28A2-0159-4922-1211155898A9}
HKCR\CLSID\{2C86C605-6081-D104-96F7-F765C20B22F1}
HKCR\CLSID\{913E9215-EB81-7E43-76E6-FC26E50E264C}
HKCR\Interface\{2003E25F-91DA-7AC2-239B-A263B7D2441B}
HKCR\Interface\{8DC03F36-EFED-89C0-3C14-469B513E5651}
HKCR\Interface\{B00F1048-6A9F-DAA3-5103-5DCFA3E4719A}
HKCR\ShoppingAdsHelper.BrowserWatcher
HKCR\ShoppingAdsHelper.BrowserWatcher.1
HKCR\ShoppingAdsHelper.PornPro_BHO
HKCR\ShoppingAdsHelper.PornPro_BHO.1
HKCR\ShoppingAdsHelper.PrecacheBrowserHost
HKCR\ShoppingAdsHelper.PrecacheBrowserHost.1
HKCR\TypeLib\{A9FC1C11-B511-D9B9-0E29-01A8D05AE107}
HKCU\Software\Foxicle
HKCU\Software\MediaHoldings
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C86C605-6081-D104-96f7-F765C20b22F1}
HKCU\Software\PlayMP3
HKCU\Software\ShoppingAdsHelper
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C86C605-6081-D104-96F7-F765C20B22F1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingAdsHelper
.
C:\Program Files\playmp3z
C:\Program Files\ShoppingAdsHelper
C:\Documents and Settings\Bruno\Menudm~1\Progra~1\PlayMP3z
C:\Documents and Settings\Bruno\Cookies\bruno@atdmt[2].txt
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------| Added Scan :
---- Internet Explorer Version 7.0.5730.11 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-1645522239-1454471165-725345543-1003\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
4217 Byte(s) - C:\Ad-Report-Clean-19.03.2009.log
4648 Byte(s) - C:\Ad-Report-Scan-19.03.2009.log
0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
1 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 20:33:21 | 19/03/2009
.
+-----------------| E.O.F - 95 Lines
.
Re,
Fichier WINIO.SYS reçu le 2009.02.11 06:00:28 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.11 -
AhnLab-V3 5.0.0.2 2009.02.11 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.11 -
Avast 4.8.1335.0 2009.02.10 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.11 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.11 -
eSafe 7.0.17.0 2009.02.09 -
eTrust-Vet 31.6.6349 2009.02.11 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.11 -
Fortinet 3.117.0.0 2009.02.11 -
GData 19 2009.02.11 -
Ikarus T3.1.1.45.0 2009.02.11 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.11 -
McAfee 5522 2009.02.10 -
McAfee+Artemis 5522 2009.02.10 -
Microsoft 1.4306 2009.02.10 -
NOD32 3844 2009.02.11 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.11 -
Rising 21.16.20.00 2009.02.11 -
SecureWeb-Gateway 6.7.6 2009.02.11 -
Sophos 4.38.0 2009.02.11 -
Sunbelt 3.2.1851.2 2009.02.10 -
Symantec 10 2009.02.11 -
TheHacker 6.3.1.5.252 2009.02.11 -
TrendMicro 8.700.0.1004 2009.02.11 -
ViRobot 2009.2.10.1599 2009.02.11 -
VirusBuster 4.5.11.0 2009.02.10 -
Information additionnelle
File size: 6144 bytes
MD5...: 6943c8f5cba301e07a1f69df69b09257
SHA1..: efa03fdecc094b392b50c48b57df566ba726ded5
SHA256: f870f14fcb3c4af75df97c3a769c63753aa4b3ea1ba3ae64dfbf921fe593007d
SHA512: d321acedccc7a63e554e78221e245b3aa48165dd25e1b28f922e3f4d69c7baf012e634aa693d6c0eb38c7a2aa6f6b8241153e2a3e2492b9f23742729cb04906a
ssdeep: 48:SpcL8h2bhxzMouGgcw5+4Kh4f3hv1z6+rRs1Zx9ThurJv:W8Odvcwg4K6f33mZ8r
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4005
timedatestamp.....: 0x43216a4c (Fri Sep 09 10:56:12 2005)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x50b 0x600 5.49 4ea018649dbc8f03115bf507c80bcac8
.rdata 0x2000 0xc3 0x200 2.07 3450455ac32001ffdf19a09c0ef587bf
.data 0x3000 0xc 0x200 0.12 86280848fa32f33b6e1fa33edd0a393c
INIT 0x4000 0x2b0 0x400 4.07 b47f5a74fe739e988a6b5ee0964154a2
.rsrc 0x5000 0x340 0x400 2.74 8ff22a575da61b2102d6274ff78f4727
.reloc 0x6000 0xb0 0x200 1.39 5f9487aed3f95cc71b9d668b54dfe67a
( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, MmAllocateNonCachedMemory, MmFreeNonCachedMemory, ZwUnmapViewOfSection, IoCreateDevice, KeTickCount, ZwOpenSection, ObReferenceObjectByHandle, ZwMapViewOfSection, ZwClose, RtlInitUnicodeString, IoDeleteSymbolicLink, IoCreateSymbolicLink, IoDeleteDevice
> HAL.dll: WRITE_PORT_UCHAR, WRITE_PORT_ULONG, READ_PORT_ULONG, WRITE_PORT_USHORT, READ_PORT_USHORT, HalTranslateBusAddress, READ_PORT_UCHAR
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/...
Re,
while I'm at it, I have an update that fails to install.
I don't know what it is.
Thanks in advance for your help.
Anonymous user
19 March 2009 at 21:26
while I'm at it, I have an update that fails to install.
from whom?
Download Random's System Information Tool (RSIT) by random/random and save the executable to your desktop.
! Disconnect and close all your running applications !
Double-click "RSIT.exe" to launch it.
-> A first window opens, titled "Disclaimer of warranty".
* Next to the option "List files/folders created ...", choose: 2 months
* then click "Continue" to start the scan ...
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next steps ...
Important: post one report, then the other in the following reply
If you try to post both at the same time, it may be too long for the forum
(Note: the reports will also be saved in this folder -> C:\rsit)
Re,
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruno at 2009-03-19 21:58:47
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 94 GB (82%) free of 114 GB
Total RAM: 2047 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:04, on 19/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bruno\Bureau\RSIT.exe
C:\Documents and Settings\Bruno\Bureau\Bruno.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rmc.bfmtv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; NaviWoo2.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/s/snow_crusher/snow_crusher_jeu_fr.htm"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Hi again,
I'm going to bed because I have a big day tomorrow.
I wish you a good night.
See you tomorrow.
I'm posting the 2nd report for you.
info.txt logfile of random's system information tool 1.05 2009-03-19 21:59:07
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUn0c0c.exe -f"C:\Program Files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ad-remover-->C:\Program Files\Ad-remover\Uninstall ADR.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BTrieve-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01C25519-4E45-4C52-9114-CE4EE8EFCEA4}\Setup.exe" -l0x40c
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Chinese Traditional Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-900000000003}
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EBP Gestion Commerciale-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46DA90DB-D8D5-474A-B138-D5588F8D0BEF}\Setup.exe" -l0x40c /uninst
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 Exporters-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x40c -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp LayOut 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x40c -removeonly
Google SketchUp Pro 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0C68A50B7874478D.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\HXFSETUP.EXE -U -IPDAZLCMpK.inf
Hercules DualPix Exchange Webcam-->C:\Program Files\InstallShield Installation Information\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Documents and Settings\Bruno\Bureau\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
IBoot-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61ACEE8D-4E0D-49BE-962E-9CA26EC0F921}\Setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mio Technology SpeedCam Tool-->C:\PROGRA~1\MIOTEC~1\SPEEDC~1\Setup.exe /remove
Mio Transfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4629338A-8B55-49BE-B175-CB7F377078C5}\Setup.exe" -l0x40c
MioMap v3 Updater for Mio C320 C520-->MsiExec.exe /I{E034F4EA-F267-4DD1-B8EB-C7B2805D0040}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NavX Sync-->"C:\Program Files\NavX\Sync\unins000.exe"
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
I'm going to bed because I have a big day tomorrow.
Good night.
See you tomorrow.
I'm posting the 2nd report for you.
info.txt logfile of random's system information tool 1.05 2009-03-19 21:59:07
Anonymous user
20 March 2009 at 00:23
Download SDFix to your desktop:
here: SDFix
or here: SDFix
or here: SDFix
--> Double-click SDFix.exe and choose "Install".
Tutorial
Then, once the installation is done,
Mandatory: start in Safe Mode.
/!\ Never start Safe Mode via MSCONFIG /!\
How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option, Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
Warning: no connection is possible in Safe Mode, so copy or print the procedure to avoid mistakes ...
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the tool.
--> Type Y to start the script ...
The fix removes the virus's services and cleans the registry, so a restart is required; therefore:
press a key to restart when you are asked to.
The PC will take a while to start (this is normal); once the desktop has loaded, press a key when "Finished" is displayed.
The SDFix report will open on screen and will also be saved in the
C:\SDFix folder under the name "Report.txt".
Post it in your next reply.
Hello,
I wish you a good day.
I will only be here this evening.
[b]SDFix: Version 1.240 [/b]
Run by Bruno on 20/03/2009 at 07:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Service asc3550p - Deleted after Reboot
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\Bruno\Application Data\addon.dat - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 07:55:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d2764d]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d2764d]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\PVSW\\BIN\\w3dbsmgr.exe"="C:\\PVSW\\BIN\\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"="C:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe:*:Enabled:Hercules Webcam Station Evolution SE"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Paraben Corporation\\Device Seizure\\PalmEmulator\\Emulator.exe"="C:\\Program Files\\Paraben Corporation\\Device Seizure\\PalmEmulator\\Emulator.exe:*:Enabled:Palm OS© Emulator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 28 Dec 2008 374,784 A..H. --- "C:\Program Files\Mio Backup\iBootDev.exe"
Sun 28 Dec 2008 72,192 A..H. --- "C:\Program Files\Mio Backup\MainShell.exe"
Sun 28 Dec 2008 120,233 A..H. --- "C:\Program Files\Mio Backup\MUI.exe"
Sun 28 Dec 2008 31,232 A..H. --- "C:\Program Files\Mio Backup\upgradeUT.exe"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Sun 28 Dec 2008 71,168 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
Tue 4 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
Anonymous user
20 March 2009 at 16:08
Print these instructions, because you will need to close all windows and applications during the installation and the scan.
Download:
Malwarebytes or:
Malwarebytes
* Install it (make sure to choose "francais"; do not change the installation settings) and update it.
(NB: if "COMCTL32.OCX" is missing during the installation, download it here: COMCTL32.OCX)
* Study the tutorial to familiarise yourself with the program:
(that said, it is very simple to use).
Relaunch Malwarebytes, following these instructions scrupulously:
! Disconnect and close all running applications !
* Launch Malwarebytes'.
Run a scan of the "Complet" (full) type.
--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "résultat" (results).
--> Check that all the infected objects are ticked, then click "suppression" (remove).
Note: if your PC has to be restarted to finish the cleaning, do it!
Post the report saved after the infected objects were removed (in the "rapport/log" tab of Malwarebytes, the most recent one).
Good evening,
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 2
20/03/2009 20:21:04
mbam-log-2009-03-20 (20-21-04).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 143998
Temps écoulé: 55 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Hi again,
For your information, here is the update that it still cannot manage to install:
Security Update for Microsoft .NET Framework, version 1.0 Service Pack 3 (KB930494)
As for the unwanted pop-up windows, everything is fine.
However, things are a bit slow to display.
Thanks.
Anonymous user
20 March 2009 at 21:00
Microsoft .NET Framework, version 1.0 Service Pack 3 = I have never had that one
Restart your PC and run a new RSIT scan before opening a web page or Windows Live Messenger
Hi again,
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruno at 2009-03-20 21:06:25
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 95 GB (83%) free of 114 GB
Total RAM: 2047 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:41, on 20/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Bruno\Bureau\RSIT.exe
C:\Documents and Settings\Bruno\Bureau\Bruno.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rmc.bfmtv.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; NaviWoo2.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/s/snow_crusher/snow_crusher_jeu_fr.htm"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
loloetseb
20 March 2009 at 22:17
;)
Anonymous user
20 March 2009 at 22:46
Click Start / Control Panel / Folder Options, then open the View tab
- Check Show hidden files and folders
- Uncheck Hide extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
Click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again once the disinfection is finished; it's important.
Have the following file(s) analyzed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for this file:
C:\WINDOWS\u39v22.exe
* Now click Send file and let it work for as long as "Current status: analysis in progress" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page and choose Select All, then Copy
* Finally, paste the result into your next reply.
then:
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop:
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text below:
:processes
explorer.exe
:services
:files
C:\WINDOWS\system32\SET1120.tmp
C:\WINDOWS\system32\SET111E.tmp
C:\WINDOWS\system32\SET175.tmp
C:\WINDOWS\system32\SET174.tmp
C:\WINDOWS\system32\SET173.tmp
C:\WINDOWS\system32\SET1121.tmp
C:\WINDOWS\system32\SET186.tmp
C:\WINDOWS\system32\SET183.tmp
C:\WINDOWS\system32\SET182.tmp
C:\WINDOWS\system32\SET17A.tmp
C:\WINDOWS\system32\SET178.tmp
C:\WINDOWS\system32\SET176.tmp
C:\WINDOWS\system32\SET1126.tmp
C:\WINDOWS\system32\SET1124.tmp
C:\WINDOWS\system32\SET191.tmp
C:\WINDOWS\system32\SET190.tmp
C:\WINDOWS\system32\SET18F.tmp
C:\WINDOWS\system32\SET1A7.tmp
C:\WINDOWS\system32\SET1A6.tmp
C:\WINDOWS\system32\SET1A5.tmp
C:\WINDOWS\system32\SET19E.tmp
C:\WINDOWS\system32\SET19B.tmp
C:\WINDOWS\system32\SET19A.tmp
C:\WINDOWS\system32\SET199.tmp
C:\WINDOWS\system32\SET197.tmp
C:\WINDOWS\system32\SET196.tmp
C:\WINDOWS\system32\SET195.tmp
C:\WINDOWS\system32\SET194.tmp
C:\WINDOWS\system32\SET193.tmp
C:\WINDOWS\system32\SET1129.tmp
C:\WINDOWS\system32\SET1B2.tmp
C:\WINDOWS\system32\SET1AE.tmp
C:\WINDOWS\system32\SET1AC.tmp
C:\WINDOWS\system32\SET1AA.tmp
C:\WINDOWS\system32\SET1C0.tmp
C:\WINDOWS\system32\SET1BB.tmp
C:\WINDOWS\system32\SET1B9.tmp
C:\WINDOWS\system32\SET1B8.tmp
C:\WINDOWS\system32\SET1B7.tmp
C:\WINDOWS\system32\SET1B5.tmp
C:\WINDOWS\system32\SET1CA.tmp
C:\WINDOWS\system32\SET1C7.tmp
C:\WINDOWS\system32\SET1C4.tmp
C:\WINDOWS\system32\SET1C3.tmp
C:\WINDOWS\system32\SET1C2.tmp
C:\WINDOWS\system32\SET1C1.tmp
C:\WINDOWS\system32\SET1D1.tmp
C:\WINDOWS\system32\SET1D0.tmp
C:\WINDOWS\system32\SET1CF.tmp
C:\WINDOWS\system32\SET1D8.tmp
C:\WINDOWS\system32\SET1D7.tmp
C:\WINDOWS\system32\SET1D6.tmp
C:\WINDOWS\system32\SET1D3.tmp
C:\WINDOWS\system32\SET1F6.tmp
C:\WINDOWS\system32\SET1F5.tmp
C:\WINDOWS\system32\SET1EF.tmp
C:\WINDOWS\system32\SET1EE.tmp
C:\WINDOWS\system32\SET1E5.tmp
C:\WINDOWS\system32\SET1E4.tmp
C:\WINDOWS\system32\SET1E1.tmp
C:\WINDOWS\system32\SET1DF.tmp
C:\WINDOWS\system32\SET1DE.tmp
C:\WINDOWS\system32\SET1F8.tmp
C:\WINDOWS\system32\SET1F7.tmp
C:\WINDOWS\system32\SET112F.tmp
C:\WINDOWS\system32\SET1FC.tmp
C:\WINDOWS\system32\SET221.tmp
C:\WINDOWS\system32\SET220.tmp
C:\WINDOWS\system32\SET21F.tmp
C:\WINDOWS\system32\SET21C.tmp
C:\WINDOWS\system32\SET21B.tmp
C:\WINDOWS\system32\SET217.tmp
C:\WINDOWS\system32\SET216.tmp
C:\WINDOWS\system32\SET213.tmp
C:\WINDOWS\system32\SET212.tmp
C:\WINDOWS\system32\SET211.tmp
C:\WINDOWS\system32\SET20F.tmp
C:\WINDOWS\system32\SET20D.tmp
C:\WINDOWS\system32\SET208.tmp
C:\WINDOWS\system32\SET239.tmp
C:\WINDOWS\system32\SET238.tmp
C:\WINDOWS\system32\SET237.tmp
C:\WINDOWS\system32\SET231.tmp
C:\WINDOWS\system32\SET230.tmp
C:\WINDOWS\system32\SET229.tmp
C:\WINDOWS\system32\SET228.tmp
C:\WINDOWS\system32\SET227.tmp
C:\WINDOWS\system32\SET253.tmp
C:\WINDOWS\system32\SET252.tmp
C:\WINDOWS\system32\SET250.tmp
C:\WINDOWS\system32\SET24E.tmp
C:\WINDOWS\system32\SET242.tmp
C:\WINDOWS\system32\SET241.tmp
C:\WINDOWS\system32\SET23C.tmp
C:\WINDOWS\system32\SET23A.tmp
C:\WINDOWS\system32\SET267.tmp
C:\WINDOWS\system32\SET265.tmp
C:\WINDOWS\system32\SET262.tmp
C:\WINDOWS\system32\SET261.tmp
C:\WINDOWS\system32\SET260.tmp
C:\WINDOWS\system32\SET25F.tmp
C:\WINDOWS\system32\SET257.tmp
C:\WINDOWS\system32\SET256.tmp
C:\WINDOWS\system32\SET254.tmp
C:\WINDOWS\system32\SET279.tmp
C:\WINDOWS\system32\SET26E.tmp
C:\WINDOWS\system32\SET26A.tmp
C:\WINDOWS\system32\SET289.tmp
C:\WINDOWS\system32\SET288.tmp
C:\WINDOWS\system32\SET285.tmp
C:\WINDOWS\system32\SET284.tmp
C:\WINDOWS\system32\SET27D.tmp
C:\WINDOWS\system32\SET27C.tmp
C:\WINDOWS\system32\SET296.tmp
C:\WINDOWS\system32\SET294.tmp
C:\WINDOWS\system32\SET293.tmp
C:\WINDOWS\system32\SET292.tmp
C:\WINDOWS\system32\SET290.tmp
C:\WINDOWS\system32\SET28F.tmp
C:\WINDOWS\system32\SET28E.tmp
C:\WINDOWS\system32\SET28C.tmp
C:\WINDOWS\system32\SET28B.tmp
C:\WINDOWS\system32\SET28A.tmp
C:\WINDOWS\system32\SET1141.tmp
C:\WINDOWS\system32\SET29F.tmp
C:\WINDOWS\system32\SET29E.tmp
C:\WINDOWS\system32\SET299.tmp
C:\WINDOWS\system32\SET2AF.tmp
C:\WINDOWS\system32\SET2AE.tmp
C:\WINDOWS\system32\SET2AC.tmp
C:\WINDOWS\system32\SET2A9.tmp
C:\WINDOWS\system32\SET2A7.tmp
C:\WINDOWS\system32\SET2A6.tmp
C:\WINDOWS\system32\SET2A5.tmp
C:\WINDOWS\system32\SET2A0.tmp
C:\WINDOWS\system32\SET2C7.tmp
C:\WINDOWS\system32\SET2C1.tmp
C:\WINDOWS\system32\SET2BC.tmp
C:\WINDOWS\system32\SET2BA.tmp
C:\WINDOWS\system32\SET2B9.tmp
C:\WINDOWS\system32\SET2B6.tmp
C:\WINDOWS\system32\SET2B3.tmp
C:\WINDOWS\system32\SET2B2.tmp
C:\WINDOWS\system32\SET11B9.tmp
C:\WINDOWS\system32\SET2E2.tmp
C:\WINDOWS\system32\SET2E1.tmp
C:\WINDOWS\system32\SET2E0.tmp
C:\WINDOWS\system32\SET2DE.tmp
C:\WINDOWS\system32\SET2DC.tmp
C:\WINDOWS\system32\SET2D2.tmp
C:\WINDOWS\system32\SET2D1.tmp
C:\WINDOWS\system32\SET2CE.tmp
C:\WINDOWS\system32\SET2CD.tmp
C:\WINDOWS\system32\SET2E3.tmp
C:\WINDOWS\system32\SET2F0.tmp
C:\WINDOWS\system32\SET2EF.tmp
C:\WINDOWS\system32\SET2EE.tmp
C:\WINDOWS\system32\SET2EC.tmp
C:\WINDOWS\system32\SET2F6.tmp
C:\WINDOWS\system32\SET2F5.tmp
C:\WINDOWS\system32\SET2F4.tmp
C:\WINDOWS\system32\SET2F2.tmp
C:\WINDOWS\system32\SET2F1.tmp
C:\WINDOWS\system32\SET30D.tmp
C:\WINDOWS\system32\SET30B.tmp
C:\WINDOWS\system32\SET309.tmp
C:\WINDOWS\system32\SET308.tmp
C:\WINDOWS\system32\SET307.tmp
C:\WINDOWS\system32\SET305.tmp
C:\WINDOWS\system32\SET303.tmp
C:\WINDOWS\system32\SET2F9.tmp
C:\WINDOWS\system32\SET1147.tmp
C:\WINDOWS\system32\SET5E4.tmp
C:\WINDOWS\system32\SET5DE.tmp
C:\WINDOWS\system32\SET315.tmp
C:\WINDOWS\system32\SET314.tmp
C:\WINDOWS\system32\SET312.tmp
C:\WINDOWS\system32\SET338.tmp
C:\WINDOWS\system32\SET330.tmp
C:\WINDOWS\system32\SET32D.tmp
C:\WINDOWS\system32\SET32C.tmp
C:\WINDOWS\system32\SET32A.tmp
C:\WINDOWS\system32\SET327.tmp
C:\WINDOWS\system32\SET31C.tmp
C:\WINDOWS\system32\SET341.tmp
C:\WINDOWS\system32\SET33F.tmp
C:\WINDOWS\system32\SET34C.tmp
C:\WINDOWS\system32\SET34A.tmp
C:\WINDOWS\system32\SET347.tmp
C:\WINDOWS\system32\SET350.tmp
C:\WINDOWS\system32\SET36A.tmp
C:\WINDOWS\system32\SET368.tmp
C:\WINDOWS\system32\SET366.tmp
C:\WINDOWS\system32\SET362.tmp
C:\WINDOWS\system32\SET382.tmp
C:\WINDOWS\system32\SET374.tmp
C:\WINDOWS\system32\SET372.tmp
C:\WINDOWS\system32\SET370.tmp
C:\WINDOWS\system32\SET36E.tmp
C:\WINDOWS\system32\SET392.tmp
C:\WINDOWS\system32\SET391.tmp
C:\WINDOWS\system32\SET38E.tmp
C:\WINDOWS\system32\SET38C.tmp
C:\WINDOWS\system32\SET38B.tmp
C:\WINDOWS\system32\SET38A.tmp
C:\WINDOWS\system32\SET388.tmp
C:\WINDOWS\system32\SET396.tmp
C:\WINDOWS\system32\SET3A8.tmp
C:\WINDOWS\system32\SET3A7.tmp
C:\WINDOWS\system32\SET3A6.tmp
C:\WINDOWS\system32\SET3A4.tmp
C:\WINDOWS\system32\SET3A0.tmp
C:\WINDOWS\system32\SET1167.tmp
C:\WINDOWS\SET482.tmp
C:\WINDOWS\003393_.tmp
C:\WINDOWS\system32\SET3D6.tmp
C:\WINDOWS\system32\SET3D1.tmp
C:\WINDOWS\system32\SET3D0.tmp
C:\WINDOWS\system32\SET3C8.tmp
C:\WINDOWS\system32\SET3C0.tmp
C:\WINDOWS\system32\SET3B9.tmp
C:\WINDOWS\system32\SET3B4.tmp
C:\WINDOWS\system32\SET3E0.tmp
C:\WINDOWS\system32\SET3F6.tmp
C:\WINDOWS\system32\SET3F3.tmp
C:\WINDOWS\system32\SET3F2.tmp
C:\WINDOWS\system32\SET3F0.tmp
C:\WINDOWS\system32\SET3EF.tmp
C:\WINDOWS\system32\SET401.tmp
C:\WINDOWS\system32\SET3FD.tmp
C:\WINDOWS\system32\SET3FB.tmp
C:\WINDOWS\system32\SET415.tmp
C:\WINDOWS\system32\SET417.tmp
C:\WINDOWS\system32\SET413.tmp
C:\WINDOWS\system32\SET412.tmp
C:\WINDOWS\system32\SET410.tmp
C:\WINDOWS\system32\SET40F.tmp
C:\WINDOWS\system32\SET40D.tmp
C:\WINDOWS\system32\SET40B.tmp
C:\WINDOWS\system32\SET40A.tmp
C:\WINDOWS\system32\SET409.tmp
C:\WINDOWS\system32\SET408.tmp
C:\WINDOWS\system32\SET406.tmp
C:\WINDOWS\system32\SET405.tmp
C:\WINDOWS\system32\SET404.tmp
C:\WINDOWS\system32\SET42B.tmp
C:\WINDOWS\system32\SET41C.tmp
C:\WINDOWS\system32\SET425.tmp
C:\WINDOWS\system32\SET41D.tmp
C:\WINDOWS\system32\SET444.tmp
C:\WINDOWS\system32\SET443.tmp
C:\WINDOWS\system32\SET43F.tmp
C:\WINDOWS\system32\SET43E.tmp
C:\WINDOWS\system32\SET43C.tmp
C:\WINDOWS\system32\SET433.tmp
C:\WINDOWS\system32\SET430.tmp
C:\WINDOWS\system32\SET1170.tmp
C:\WINDOWS\system32\SET116F.tmp
C:\WINDOWS\system32\SET44E.tmp
C:\WINDOWS\system32\SET44C.tmp
C:\WINDOWS\system32\SET449.tmp
C:\WINDOWS\system32\SET448.tmp
C:\WINDOWS\system32\SET456.tmp
C:\WINDOWS\system32\SET453.tmp
C:\WINDOWS\system32\SET45A.tmp
C:\WINDOWS\system32\SET45E.tmp
C:\WINDOWS\system32\SET45C.tmp
C:\WINDOWS\SETF3.tmp
C:\WINDOWS\SETF2.tmp
C:\WINDOWS\SETF1.tmp
C:\WINDOWS\SETF0.tmp
C:\WINDOWS\SETEF.tmp
C:\WINDOWS\SETEE.tmp
C:\WINDOWS\SETED.tmp
C:\WINDOWS\SETEC.tmp
C:\WINDOWS\SETEB.tmp
C:\WINDOWS\SETEA.tmp
C:\WINDOWS\SETE9.tmp
C:\WINDOWS\SETE8.tmp
C:\WINDOWS\SETE7.tmp
C:\WINDOWS\SETE6.tmp
C:\WINDOWS\SETE5.tmp
C:\WINDOWS\SETE4.tmp
C:\WINDOWS\SETE3.tmp
C:\WINDOWS\SETE2.tmp
C:\WINDOWS\SETE1.tmp
C:\WINDOWS\SETE0.tmp
C:\WINDOWS\SETDF.tmp
C:\WINDOWS\SETDE.tmp
C:\WINDOWS\SETDD.tmp
C:\WINDOWS\SETDC.tmp
C:\WINDOWS\SETDB.tmp
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\SETD9.tmp
C:\WINDOWS\SETD8.tmp
C:\WINDOWS\SETD7.tmp
C:\WINDOWS\SET94.tmp
C:\WINDOWS\SET88.tmp
C:\WINDOWS\SET85.tmp
C:\WINDOWS\system32\_004949_.tmp.dll
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"swg"=-
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
---> Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
Re,
Fichier DRemover.exe reçu le 2009.02.05 22:37:18 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -
Information additionnelle
File size: 135168 bytes
MD5...: d2e58250056996fec0023e8ef08c8563
SHA1..: eef0d0d3f82a89c518e10b77f8729dcc0fec426b
SHA256: 00e8ee665b67bc983811d1d0a83eecbf8b131501ac701c7cef37e9491ddf8e8a
SHA512: 811031b7f0b14c4fcf5334426f27fcdbeca8b8e2d12935b8fc97870f5e4daf8df8254ec922e4f44a258a5664757e7d8abf503eb9d7bf00e6b335fd4e714b2e78
ssdeep: 3072:1a+ANS5hpxJQ+8QR+8lof+H8LoKe4/hQb:1a+US5hpNrjC+cL/
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
CWSandbox info: http://research.sunbelt-software.com/...
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -
Information additionnelle
File size: 135168 bytes
MD5...: d2e58250056996fec0023e8ef08c8563
SHA1..: eef0d0d3f82a89c518e10b77f8729dcc0fec426b
SHA256: 00e8ee665b67bc983811d1d0a83eecbf8b131501ac701c7cef37e9491ddf8e8a
SHA512: 811031b7f0b14c4fcf5334426f27fcdbeca8b8e2d12935b8fc97870f5e4daf8d<BR>f8254ec922e4f44a258a5664757e7d8abf503eb9d7bf00e6b335fd4e714b2e78<BR>
ssdeep: 3072:1a+ANS5hpxJQ+8QR+8lof+H8LoKe4/hQb:1a+US5hpNrjC+cL/<BR>
PEiD..: Armadillo v1.71
TrID..: File type identification<BR>Win32 Executable MS Visual C++ (generic) (53.1%)<BR>Windows Screen Saver (18.4%)<BR>Win32 Executable Generic (12.0%)<BR>Win32 Dynamic Link Library (generic) (10.6%)<BR>Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x573b
timedatestamp.....: 0x3be8f9a9 (Wed Nov 07 09:06:49 2001)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13f6a 0x14000 6.50 92f164f29b9cb5940373f17ba2d458a7
.rdata 0x15000 0x49dc 0x5000 4.59 9344f56dea6e7feb8f74cc8fa5c07034
.data 0x1a000 0x731c 0x4000 2.28 7ef227836a32689655c8fa3b5f0099f0
.rsrc 0x22000 0x2350 0x3000 3.79 141d0a2e830b33bb7e9bd8313828c4c4
( 8 imports )
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/...
Fichier DRemover.exe reçu le 2009.02.05 22:37:18 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.05 -
AhnLab-V3 5.0.0.2 2009.02.05 -
AntiVir 7.9.0.74 2009.02.05 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1281.0 2009.02.05 -
AVG 8.0.0.229 2009.02.05 -
BitDefender 7.2 2009.02.05 -
CAT-QuickHeal 10.00 2009.02.05 -
ClamAV 0.94.1 2009.02.05 -
Comodo 965 2009.02.05 -
DrWeb 4.44.0.09170 2009.02.05 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6343 2009.02.05 -
F-Prot 4.4.4.56 2009.02.05 -
F-Secure 8.0.14470.0 2009.02.05 -
Fortinet 3.117.0.0 2009.02.05 -
GData 19 2009.02.05 -
Ikarus T3.1.1.45.0 2009.02.05 -
K7AntiVirus 7.10.620 2009.02.05 -
Kaspersky 7.0.0.125 2009.02.05 -
McAfee 5516 2009.02.04 -
McAfee+Artemis 5516 2009.02.04 -
Microsoft 1.4306 2009.02.05 -
NOD32 3831 2009.02.05 -
Norman 6.00.02 2009.02.05 -
nProtect 2009.1.8.0 2009.02.05 -
Panda 9.5.1.2 2009.02.05 -
PCTools 4.4.2.0 2009.02.05 -
Prevx1 V2 2009.02.05 -
Rising 21.15.30.00 2009.02.05 -
SecureWeb-Gateway 6.7.6 2009.02.05 -
Sophos 4.38.0 2009.02.05 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.02.05 -
TheHacker 6.3.1.5.247 2009.02.05 -
TrendMicro 8.700.0.1004 2009.02.05 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.5.1591 2009.02.05 -
VirusBuster 4.5.11.0 2009.02.05 -
Information additionnelle
File size: 135168 bytes
MD5...: d2e58250056996fec0023e8ef08c8563
SHA1..: eef0d0d3f82a89c518e10b77f8729dcc0fec426b
SHA256: 00e8ee665b67bc983811d1d0a83eecbf8b131501ac701c7cef37e9491ddf8e8a
SHA512: 811031b7f0b14c4fcf5334426f27fcdbeca8b8e2d12935b8fc97870f5e4daf8df8254ec922e4f44a258a5664757e7d8abf503eb9d7bf00e6b335fd4e714b2e78
ssdeep: 3072:1a+ANS5hpxJQ+8QR+8lof+H8LoKe4/hQb:1a+US5hpNrjC+cL/
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x573b
timedatestamp.....: 0x3be8f9a9 (Wed Nov 07 09:06:49 2001)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13f6a 0x14000 6.50 92f164f29b9cb5940373f17ba2d458a7
.rdata 0x15000 0x49dc 0x5000 4.59 9344f56dea6e7feb8f74cc8fa5c07034
.data 0x1a000 0x731c 0x4000 2.28 7ef227836a32689655c8fa3b5f0099f0
.rsrc 0x22000 0x2350 0x3000 3.79 141d0a2e830b33bb7e9bd8313828c4c4
( 8 imports )
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/...
Hello again,
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\system32\SET1120.tmp moved successfully.
C:\WINDOWS\system32\SET111E.tmp moved successfully.
C:\WINDOWS\system32\SET175.tmp moved successfully.
C:\WINDOWS\system32\SET174.tmp moved successfully.
C:\WINDOWS\system32\SET173.tmp moved successfully.
C:\WINDOWS\system32\SET1121.tmp moved successfully.
C:\WINDOWS\system32\SET186.tmp moved successfully.
C:\WINDOWS\system32\SET183.tmp moved successfully.
C:\WINDOWS\system32\SET182.tmp moved successfully.
C:\WINDOWS\system32\SET17A.tmp moved successfully.
C:\WINDOWS\system32\SET178.tmp moved successfully.
C:\WINDOWS\system32\SET176.tmp moved successfully.
C:\WINDOWS\system32\SET1126.tmp moved successfully.
C:\WINDOWS\system32\SET1124.tmp moved successfully.
C:\WINDOWS\system32\SET191.tmp moved successfully.
C:\WINDOWS\system32\SET190.tmp moved successfully.
C:\WINDOWS\system32\SET18F.tmp moved successfully.
C:\WINDOWS\system32\SET1A7.tmp moved successfully.
C:\WINDOWS\system32\SET1A6.tmp moved successfully.
C:\WINDOWS\system32\SET1A5.tmp moved successfully.
C:\WINDOWS\system32\SET19E.tmp moved successfully.
C:\WINDOWS\system32\SET19B.tmp moved successfully.
C:\WINDOWS\system32\SET19A.tmp moved successfully.
C:\WINDOWS\system32\SET199.tmp moved successfully.
C:\WINDOWS\system32\SET197.tmp moved successfully.
C:\WINDOWS\system32\SET196.tmp moved successfully.
C:\WINDOWS\system32\SET195.tmp moved successfully.
C:\WINDOWS\system32\SET194.tmp moved successfully.
C:\WINDOWS\system32\SET193.tmp moved successfully.
C:\WINDOWS\system32\SET1129.tmp moved successfully.
C:\WINDOWS\system32\SET1B2.tmp moved successfully.
C:\WINDOWS\system32\SET1AE.tmp moved successfully.
C:\WINDOWS\system32\SET1AC.tmp moved successfully.
C:\WINDOWS\system32\SET1AA.tmp moved successfully.
C:\WINDOWS\system32\SET1C0.tmp moved successfully.
C:\WINDOWS\system32\SET1BB.tmp moved successfully.
C:\WINDOWS\system32\SET1B9.tmp moved successfully.
C:\WINDOWS\system32\SET1B8.tmp moved successfully.
C:\WINDOWS\system32\SET1B7.tmp moved successfully.
C:\WINDOWS\system32\SET1B5.tmp moved successfully.
C:\WINDOWS\system32\SET1CA.tmp moved successfully.
C:\WINDOWS\system32\SET1C7.tmp moved successfully.
C:\WINDOWS\system32\SET1C4.tmp moved successfully.
C:\WINDOWS\system32\SET1C3.tmp moved successfully.
C:\WINDOWS\system32\SET1C2.tmp moved successfully.
C:\WINDOWS\system32\SET1C1.tmp moved successfully.
C:\WINDOWS\system32\SET1D1.tmp moved successfully.
C:\WINDOWS\system32\SET1D0.tmp moved successfully.
C:\WINDOWS\system32\SET1CF.tmp moved successfully.
C:\WINDOWS\system32\SET1D8.tmp moved successfully.
C:\WINDOWS\system32\SET1D7.tmp moved successfully.
C:\WINDOWS\system32\SET1D6.tmp moved successfully.
C:\WINDOWS\system32\SET1D3.tmp moved successfully.
C:\WINDOWS\system32\SET1F6.tmp moved successfully.
C:\WINDOWS\system32\SET1F5.tmp moved successfully.
C:\WINDOWS\system32\SET1EF.tmp moved successfully.
C:\WINDOWS\system32\SET1EE.tmp moved successfully.
C:\WINDOWS\system32\SET1E5.tmp moved successfully.
C:\WINDOWS\system32\SET1E4.tmp moved successfully.
C:\WINDOWS\system32\SET1E1.tmp moved successfully.
C:\WINDOWS\system32\SET1DF.tmp moved successfully.
C:\WINDOWS\system32\SET1DE.tmp moved successfully.
C:\WINDOWS\system32\SET1F8.tmp moved successfully.
C:\WINDOWS\system32\SET1F7.tmp moved successfully.
C:\WINDOWS\system32\SET112F.tmp moved successfully.
C:\WINDOWS\system32\SET1FC.tmp moved successfully.
C:\WINDOWS\system32\SET221.tmp moved successfully.
C:\WINDOWS\system32\SET220.tmp moved successfully.
C:\WINDOWS\system32\SET21F.tmp moved successfully.
C:\WINDOWS\system32\SET21C.tmp moved successfully.
C:\WINDOWS\system32\SET21B.tmp moved successfully.
C:\WINDOWS\system32\SET217.tmp moved successfully.
C:\WINDOWS\system32\SET216.tmp moved successfully.
C:\WINDOWS\system32\SET213.tmp moved successfully.
C:\WINDOWS\system32\SET212.tmp moved successfully.
C:\WINDOWS\system32\SET211.tmp moved successfully.
C:\WINDOWS\system32\SET20F.tmp moved successfully.
C:\WINDOWS\system32\SET20D.tmp moved successfully.
C:\WINDOWS\system32\SET208.tmp moved successfully.
C:\WINDOWS\system32\SET239.tmp moved successfully.
C:\WINDOWS\system32\SET238.tmp moved successfully.
C:\WINDOWS\system32\SET237.tmp moved successfully.
C:\WINDOWS\system32\SET231.tmp moved successfully.
C:\WINDOWS\system32\SET230.tmp moved successfully.
C:\WINDOWS\system32\SET229.tmp moved successfully.
C:\WINDOWS\system32\SET228.tmp moved successfully.
C:\WINDOWS\system32\SET227.tmp moved successfully.
C:\WINDOWS\system32\SET253.tmp moved successfully.
C:\WINDOWS\system32\SET252.tmp moved successfully.
C:\WINDOWS\system32\SET250.tmp moved successfully.
C:\WINDOWS\system32\SET24E.tmp moved successfully.
C:\WINDOWS\system32\SET242.tmp moved successfully.
C:\WINDOWS\system32\SET241.tmp moved successfully.
C:\WINDOWS\system32\SET23C.tmp moved successfully.
C:\WINDOWS\system32\SET23A.tmp moved successfully.
C:\WINDOWS\system32\SET267.tmp moved successfully.
C:\WINDOWS\system32\SET265.tmp moved successfully.
C:\WINDOWS\system32\SET262.tmp moved successfully.
C:\WINDOWS\system32\SET261.tmp moved successfully.
C:\WINDOWS\system32\SET260.tmp moved successfully.
C:\WINDOWS\system32\SET25F.tmp moved successfully.
C:\WINDOWS\system32\SET257.tmp moved successfully.
C:\WINDOWS\system32\SET256.tmp moved successfully.
C:\WINDOWS\system32\SET254.tmp moved successfully.
C:\WINDOWS\system32\SET279.tmp moved successfully.
C:\WINDOWS\system32\SET26E.tmp moved successfully.
C:\WINDOWS\system32\SET26A.tmp moved successfully.
C:\WINDOWS\system32\SET289.tmp moved successfully.
C:\WINDOWS\system32\SET288.tmp moved successfully.
C:\WINDOWS\system32\SET285.tmp moved successfully.
C:\WINDOWS\system32\SET284.tmp moved successfully.
C:\WINDOWS\system32\SET27D.tmp moved successfully.
C:\WINDOWS\system32\SET27C.tmp moved successfully.
C:\WINDOWS\system32\SET296.tmp moved successfully.
C:\WINDOWS\system32\SET294.tmp moved successfully.
C:\WINDOWS\system32\SET293.tmp moved successfully.
C:\WINDOWS\system32\SET292.tmp moved successfully.
C:\WINDOWS\system32\SET290.tmp moved successfully.
C:\WINDOWS\system32\SET28F.tmp moved successfully.
C:\WINDOWS\system32\SET28E.tmp moved successfully.
C:\WINDOWS\system32\SET28C.tmp moved successfully.
C:\WINDOWS\system32\SET28B.tmp moved successfully.
C:\WINDOWS\system32\SET28A.tmp moved successfully.
C:\WINDOWS\system32\SET1141.tmp moved successfully.
C:\WINDOWS\system32\SET29F.tmp moved successfully.
C:\WINDOWS\system32\SET29E.tmp moved successfully.
C:\WINDOWS\system32\SET299.tmp moved successfully.
C:\WINDOWS\system32\SET2AF.tmp moved successfully.
C:\WINDOWS\system32\SET2AE.tmp moved successfully.
C:\WINDOWS\system32\SET2AC.tmp moved successfully.
C:\WINDOWS\system32\SET2A9.tmp moved successfully.
C:\WINDOWS\system32\SET2A7.tmp moved successfully.
C:\WINDOWS\system32\SET2A6.tmp moved successfully.
C:\WINDOWS\system32\SET2A5.tmp moved successfully.
C:\WINDOWS\system32\SET2A0.tmp moved successfully.
C:\WINDOWS\system32\SET2C7.tmp moved successfully.
C:\WINDOWS\system32\SET2C1.tmp moved successfully.
C:\WINDOWS\system32\SET2BC.tmp moved successfully.
C:\WINDOWS\system32\SET2BA.tmp moved successfully.
C:\WINDOWS\system32\SET2B9.tmp moved successfully.
C:\WINDOWS\system32\SET2B6.tmp moved successfully.
C:\WINDOWS\system32\SET2B3.tmp moved successfully.
C:\WINDOWS\system32\SET2B2.tmp moved successfully.
C:\WINDOWS\system32\SET11B9.tmp moved successfully.
C:\WINDOWS\system32\SET2E2.tmp moved successfully.
C:\WINDOWS\system32\SET2E1.tmp moved successfully.
C:\WINDOWS\system32\SET2E0.tmp moved successfully.
C:\WINDOWS\system32\SET2DE.tmp moved successfully.
C:\WINDOWS\system32\SET2DC.tmp moved successfully.
C:\WINDOWS\system32\SET2D2.tmp moved successfully.
C:\WINDOWS\system32\SET2D1.tmp moved successfully.
C:\WINDOWS\system32\SET2CE.tmp moved successfully.
C:\WINDOWS\system32\SET2CD.tmp moved successfully.
C:\WINDOWS\system32\SET2E3.tmp moved successfully.
C:\WINDOWS\system32\SET2F0.tmp moved successfully.
C:\WINDOWS\system32\SET2EF.tmp moved successfully.
C:\WINDOWS\system32\SET2EE.tmp moved successfully.
C:\WINDOWS\system32\SET2EC.tmp moved successfully.
C:\WINDOWS\system32\SET2F6.tmp moved successfully.
C:\WINDOWS\system32\SET2F5.tmp moved successfully.
C:\WINDOWS\system32\SET2F4.tmp moved successfully.
C:\WINDOWS\system32\SET2F2.tmp moved successfully.
C:\WINDOWS\system32\SET2F1.tmp moved successfully.
C:\WINDOWS\system32\SET30D.tmp moved successfully.
C:\WINDOWS\system32\SET30B.tmp moved successfully.
C:\WINDOWS\system32\SET309.tmp moved successfully.
C:\WINDOWS\system32\SET308.tmp moved successfully.
C:\WINDOWS\system32\SET307.tmp moved successfully.
C:\WINDOWS\system32\SET305.tmp moved successfully.
C:\WINDOWS\system32\SET303.tmp moved successfully.
C:\WINDOWS\system32\SET2F9.tmp moved successfully.
C:\WINDOWS\system32\SET1147.tmp moved successfully.
C:\WINDOWS\system32\SET5E4.tmp moved successfully.
C:\WINDOWS\system32\SET5DE.tmp moved successfully.
C:\WINDOWS\system32\SET315.tmp moved successfully.
C:\WINDOWS\system32\SET314.tmp moved successfully.
C:\WINDOWS\system32\SET312.tmp moved successfully.
C:\WINDOWS\system32\SET338.tmp moved successfully.
C:\WINDOWS\system32\SET330.tmp moved successfully.
C:\WINDOWS\system32\SET32D.tmp moved successfully.
C:\WINDOWS\system32\SET32C.tmp moved successfully.
C:\WINDOWS\system32\SET32A.tmp moved successfully.
C:\WINDOWS\system32\SET327.tmp moved successfully.
C:\WINDOWS\system32\SET31C.tmp moved successfully.
C:\WINDOWS\system32\SET341.tmp moved successfully.
C:\WINDOWS\system32\SET33F.tmp moved successfully.
C:\WINDOWS\system32\SET34C.tmp moved successfully.
C:\WINDOWS\system32\SET34A.tmp moved successfully.
C:\WINDOWS\system32\SET347.tmp moved successfully.
C:\WINDOWS\system32\SET350.tmp moved successfully.
C:\WINDOWS\system32\SET36A.tmp moved successfully.
C:\WINDOWS\system32\SET368.tmp moved successfully.
C:\WINDOWS\system32\SET366.tmp moved successfully.
C:\WINDOWS\system32\SET362.tmp moved successfully.
C:\WINDOWS\system32\SET382.tmp moved successfully.
C:\WINDOWS\system32\SET374.tmp moved successfully.
C:\WINDOWS\system32\SET372.tmp moved successfully.
C:\WINDOWS\system32\SET370.tmp moved successfully.
C:\WINDOWS\system32\SET36E.tmp moved successfully.
C:\WINDOWS\system32\SET392.tmp moved successfully.
C:\WINDOWS\system32\SET391.tmp moved successfully.
C:\WINDOWS\system32\SET38E.tmp moved successfully.
C:\WINDOWS\system32\SET38C.tmp moved successfully.
C:\WINDOWS\system32\SET38B.tmp moved successfully.
C:\WINDOWS\system32\SET38A.tmp moved successfully.
C:\WINDOWS\system32\SET388.tmp moved successfully.
C:\WINDOWS\system32\SET396.tmp moved successfully.
C:\WINDOWS\system32\SET3A8.tmp moved successfully.
C:\WINDOWS\system32\SET3A7.tmp moved successfully.
C:\WINDOWS\system32\SET3A6.tmp moved successfully.
C:\WINDOWS\system32\SET3A4.tmp moved successfully.
C:\WINDOWS\system32\SET3A0.tmp moved successfully.
C:\WINDOWS\system32\SET1167.tmp moved successfully.
C:\WINDOWS\SET482.tmp moved successfully.
C:\WINDOWS\003393_.tmp moved successfully.
C:\WINDOWS\system32\SET3D6.tmp moved successfully.
C:\WINDOWS\system32\SET3D1.tmp moved successfully.
C:\WINDOWS\system32\SET3D0.tmp moved successfully.
C:\WINDOWS\system32\SET3C8.tmp moved successfully.
C:\WINDOWS\system32\SET3C0.tmp moved successfully.
C:\WINDOWS\system32\SET3B9.tmp moved successfully.
C:\WINDOWS\system32\SET3B4.tmp moved successfully.
C:\WINDOWS\system32\SET3E0.tmp moved successfully.
C:\WINDOWS\system32\SET3F6.tmp moved successfully.
C:\WINDOWS\system32\SET3F3.tmp moved successfully.
C:\WINDOWS\system32\SET3F2.tmp moved successfully.
C:\WINDOWS\system32\SET3F0.tmp moved successfully.
C:\WINDOWS\system32\SET3EF.tmp moved successfully.
C:\WINDOWS\system32\SET401.tmp moved successfully.
C:\WINDOWS\system32\SET3FD.tmp moved successfully.
C:\WINDOWS\system32\SET3FB.tmp moved successfully.
C:\WINDOWS\system32\SET415.tmp moved successfully.
C:\WINDOWS\system32\SET417.tmp moved successfully.
C:\WINDOWS\system32\SET413.tmp moved successfully.
C:\WINDOWS\system32\SET412.tmp moved successfully.
C:\WINDOWS\system32\SET410.tmp moved successfully.
C:\WINDOWS\system32\SET40F.tmp moved successfully.
C:\WINDOWS\system32\SET40D.tmp moved successfully.
C:\WINDOWS\system32\SET40B.tmp moved successfully.
C:\WINDOWS\system32\SET40A.tmp moved successfully.
C:\WINDOWS\system32\SET409.tmp moved successfully.
C:\WINDOWS\system32\SET408.tmp moved successfully.
C:\WINDOWS\system32\SET406.tmp moved successfully.
C:\WINDOWS\system32\SET405.tmp moved successfully.
C:\WINDOWS\system32\SET404.tmp moved successfully.
C:\WINDOWS\system32\SET42B.tmp moved successfully.
C:\WINDOWS\system32\SET41C.tmp moved successfully.
C:\WINDOWS\system32\SET425.tmp moved successfully.
C:\WINDOWS\system32\SET41D.tmp moved successfully.
C:\WINDOWS\system32\SET444.tmp moved successfully.
C:\WINDOWS\system32\SET443.tmp moved successfully.
C:\WINDOWS\system32\SET43F.tmp moved successfully.
C:\WINDOWS\system32\SET43E.tmp moved successfully.
C:\WINDOWS\system32\SET43C.tmp moved successfully.
C:\WINDOWS\system32\SET433.tmp moved successfully.
C:\WINDOWS\system32\SET430.tmp moved successfully.
C:\WINDOWS\system32\SET1170.tmp moved successfully.
C:\WINDOWS\system32\SET116F.tmp moved successfully.
C:\WINDOWS\system32\SET44E.tmp moved successfully.
C:\WINDOWS\system32\SET44C.tmp moved successfully.
C:\WINDOWS\system32\SET449.tmp moved successfully.
C:\WINDOWS\system32\SET448.tmp moved successfully.
C:\WINDOWS\system32\SET456.tmp moved successfully.
C:\WINDOWS\system32\SET453.tmp moved successfully.
C:\WINDOWS\system32\SET45A.tmp moved successfully.
C:\WINDOWS\system32\SET45E.tmp moved successfully.
C:\WINDOWS\system32\SET45C.tmp moved successfully.
C:\WINDOWS\SETF3.tmp moved successfully.
C:\WINDOWS\SETF2.tmp moved successfully.
C:\WINDOWS\SETF1.tmp moved successfully.
C:\WINDOWS\SETF0.tmp moved successfully.
C:\WINDOWS\SETEF.tmp moved successfully.
C:\WINDOWS\SETEE.tmp moved successfully.
C:\WINDOWS\SETED.tmp moved successfully.
C:\WINDOWS\SETEC.tmp moved successfully.
C:\WINDOWS\SETEB.tmp moved successfully.
C:\WINDOWS\SETEA.tmp moved successfully.
C:\WINDOWS\SETE9.tmp moved successfully.
C:\WINDOWS\SETE8.tmp moved successfully.
C:\WINDOWS\SETE7.tmp moved successfully.
C:\WINDOWS\SETE6.tmp moved successfully.
C:\WINDOWS\SETE5.tmp moved successfully.
C:\WINDOWS\SETE4.tmp moved successfully.
C:\WINDOWS\SETE3.tmp moved successfully.
C:\WINDOWS\SETE2.tmp moved successfully.
C:\WINDOWS\SETE1.tmp moved successfully.
C:\WINDOWS\SETE0.tmp moved successfully.
C:\WINDOWS\SETDF.tmp moved successfully.
C:\WINDOWS\SETDE.tmp moved successfully.
C:\WINDOWS\SETDD.tmp moved successfully.
C:\WINDOWS\SETDC.tmp moved successfully.
C:\WINDOWS\SETDB.tmp moved successfully.
C:\WINDOWS\SETDA.tmp moved successfully.
C:\WINDOWS\SETD9.tmp moved successfully.
C:\WINDOWS\SETD8.tmp moved successfully.
C:\WINDOWS\SETD7.tmp moved successfully.
C:\WINDOWS\SET94.tmp moved successfully.
C:\WINDOWS\SET88.tmp moved successfully.
C:\WINDOWS\SET85.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\_004949_.tmp.dll
C:\WINDOWS\system32\_004949_.tmp.dll NOT unregistered.
C:\WINDOWS\system32\_004949_.tmp.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03202009_231343
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
Anonymous user
21 March 2009 at 00:07
OK, run RSIT again so we can see things more clearly, please.
Download SUPERAntiSpyware (SAS)
Choose "Save" and save it to your desktop.
Double-click the installation icon that has just been created and follow the instructions.
Create an icon on the desktop.
Double-click the SAS icon (a head inside a crossed-out red circle) to launch it.
- If the tool asks you to update the program ("update the program definitions"), click Yes.
- Under Configuration and Preferences, click the "Preferences" button.
- Click the "Scanning Control" tab.
- Under "Scanner Options", make sure the box in front of the following lines is ticked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Leave the other lines unticked.
- Click the "Close" button to leave the control center screen.
- In the main window, under "Scan for Harmful Software", click "Scan your computer".
In the left column, tick C:\Fixed Drive.
In the right column, under "Complete scan", click "Perform Complete Scan".
Click "Next" to start the scan. Wait while the scan runs.
When the scan finishes, a results window opens. Click OK.
Make sure every line in the white window is ticked and click "Next".
Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.
To copy the information to the forum, do this:
- After the computer restarts, double-click the icon to launch SAS.
- Click "Preferences", then the "Statistics/Logs" tab.
- Under "scanners logs", double-click SUPERAntiSpyware Scan Log.
- The report will open in your default text editor.
- Copy its contents into your reply.
Take a good look at the SUPERAntiSpyware tutorial; it is very well explained.
Hello again,
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruno at 2009-03-21 00:21:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 93 GB (81%) free of 114 GB
Total RAM: 2047 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:22, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bruno\Bureau\RSIT.exe
C:\Documents and Settings\Bruno\Bureau\Bruno.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rmc.bfmtv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; NaviWoo2.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/s/snow_crusher/snow_crusher_jeu_fr.htm"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Anonymous user
21 March 2009 at 00:52
> Download Dr.Web CureIt to your Desktop:
- Double-click <drweb-cureit.exe>, then click <Scan>;
- Click <Ok> at the quick scan prompt. If it finds infected processes, click the <Yes> button.
Note: a window will open with options for "Order" or "50% discount": close it by clicking the "X".
- When the quick scan has finished, click the <Options> menu, then <Change settings>; choose the <Scan> tab and untick <Heuristic analysis>. Then click <Ok>.
- Back in the main window: click to select <Complete scan>
- Click the button with the green arrow on the right, and the scan will start.
- Click <Yes to all> at the "Cure?" prompt when a file is detected, then click "Cure".
- When the scan is complete, check whether you can click the icon next to the detected files (several sheets stacked on top of one another). If so, click it, then click the <Next> icon below it and choose <Move the unwanted object to quarantine>.
- From the tool's main menu, at the top left, click the <File> menu and choose <Save report>. Save the report to your Desktop. It will be named DrWeb.csv
- Close Dr.Web CureIt
- Restart your computer (important, because some files may be moved/repaired on restart).
- After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.
Re,
Last one for tonight. See you tomorrow, good night.
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 03/21/2009 at 01:28 AM
Application Version : 4.25.1014
Core Rules Database Version : 3807
Trace Rules Database Version: 1762
Scan type : Complete Scan
Total Scan Time : 00:54:44
Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 6280
Registry threats detected : 0
File items scanned : 66469
File threats detected : 20
Adware.Tracking Cookie
C:\Documents and Settings\Bruno\Cookies\bruno@xiti[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@aimfar.solution.weborama[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@cdiscount[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@atdmt[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@ad.yieldmanager[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@ad.zanox[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@smartadserver[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@weba.cdiscount[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@weborama[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@247realmedia[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@advertising[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@tradedoubler[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@track.effiliation[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@doubleclick[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@richmedia.yahoo[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@www.cdiscount[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@zedo[2].txt
C:\Documents and Settings\Bruno\Cookies\bruno@zbox.zanox[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@estat[1].txt
C:\Documents and Settings\Bruno\Cookies\bruno@bluestreak[1].txt
Anonymous user
21 March 2009 at 01:42
OK, good night :)
Hi,
I was away all day.
I ran a scan this morning but deleted the scan file, so I ran another one; here is the report.
A0017469.exe C:\System Volume Information\_restore{D81071CA-9E96-4FB0-8F24-8842634CC470}\RP13 Tool.Prockill Quarantaine.
A0017470.exe C:\System Volume Information\_restore{D81071CA-9E96-4FB0-8F24-8842634CC470}\RP13 Tool.Prockill Quarantaine.
Anonymous user
21 March 2009 at 20:50
OK, restart and run RSIT again, please.
Re,
I tried to install pack 3 and it still gets stuck.
And I still have a security update that won't install.
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruno at 2009-03-21 21:01:29
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 93 GB (81%) free of 114 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:42, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bruno\Bureau\RSIT.exe
C:\Documents and Settings\Bruno\Bureau\Bruno.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rmc.bfmtv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; NaviWoo2.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/s/snow_crusher/snow_crusher_jeu_fr.htm"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Anonymous user
21 March 2009 at 21:12
=====================================================
>>This software is to be used only when prescribed by a qualified helper trained in the tool.<<
>Do not use outside of that situation: dangerous!<<<<<<<<
=====================================================
When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode, which allows us to help you more easily should your computer run into a problem after a cleanup attempt.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console
and, when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.
On XP
On Vista
**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Must read, imperative!!!!
Download ComboFix:
And importantly, save it as "moi.exe" on the desktop.
Before using ComboFix:
- Disconnect from the internet and close the windows of all running programs.
- Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click moi.exe on your desktop
- Answer yes to the warning message so that the program starts scanning the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved at C:\Combofix.txt)
- Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
- Come back to the forum, and
copy and paste the entire contents of C:\Combofix.txt into your next message.
Re,
ComboFix 09-03-19.02 - Bruno 2009-03-21 21:24:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1615 [GMT 1:00]
Lancé depuis: c:\documents and settings\Bruno\Bureau\moi.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\_004946_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004948_.tmp.dll
c:\windows\system32\_004956_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004958_.tmp.dll
c:\windows\system32\_004959_.tmp.dll
c:\windows\system32\_004960_.tmp.dll
c:\windows\system32\_004961_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004963_.tmp.dll
c:\windows\system32\_004964_.tmp.dll
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004967_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004972_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004976_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004981_.tmp.dll
c:\windows\system32\_004982_.tmp.dll
c:\windows\system32\_004983_.tmp.dll
c:\windows\system32\_004984_.tmp.dll
c:\windows\system32\_004985_.tmp.dll
c:\windows\system32\_004986_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004992_.tmp.dll
c:\windows\system32\_004993_.tmp.dll
c:\windows\system32\_004994_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_004999_.tmp.dll
c:\windows\system32\_005000_.tmp.dll
c:\windows\system32\_005002_.tmp.dll
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005004_.tmp.dll
c:\windows\system32\_005006_.tmp.dll
c:\windows\system32\_005007_.tmp.dll
c:\windows\system32\_005008_.tmp.dll
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005010_.tmp.dll
c:\windows\system32\_005011_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005015_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005020_.tmp.dll
c:\windows\system32\_005022_.tmp.dll
c:\windows\system32\_005025_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005028_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005033_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005035_.tmp.dll
c:\windows\system32\_005036_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-21 au 2009-03-21 ))))))))))))))))))))))))))))))))))))
.
2009-03-21 07:12 . 2009-03-21 07:25 <REP> d-------- c:\documents and settings\Bruno\DoctorWeb
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\Bruno\Application Data\SUPERAntiSpyware.com
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 00:00 . 2009-03-21 00:00 <REP> d-------- c:\documents and settings\Bruno\Application Data\Yahoo!
2009-03-20 23:13 . 2009-03-20 23:13 <REP> d-------- C:\_OTMoveIt
2009-03-20 22:56 . 2009-03-20 22:56 <REP> d--hs---- c:\documents and settings\Bruno\IECompatCache
2009-03-20 22:55 . 2009-03-20 22:55 <REP> d--hs---- c:\documents and settings\Bruno\PrivacIE
2009-03-20 22:52 . 2009-03-20 22:52 <REP> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-20 22:50 . 2009-03-20 22:50 <REP> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-20 22:49 . 2009-03-20 22:49 <REP> d--hs---- c:\documents and settings\Bruno\IETldCache
2009-03-20 22:47 . 2009-03-20 22:47 <REP> d-------- c:\windows\ie8updates
2009-03-20 22:44 . 2009-03-20 22:46 <REP> d--h-c--- c:\windows\ie8
2009-03-20 22:42 . 2009-02-28 05:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-20 21:25 . 2009-03-21 01:47 1,374 --a------ c:\windows\imsins.BAK
2009-03-20 21:22 . 2008-07-03 14:15 8,510,976 --a------ c:\windows\system32\dllcache\shell32.dll
2009-03-20 19:20 . 2009-03-20 19:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 19:20 . 2009-03-20 19:20 <REP> d-------- c:\documents and settings\Bruno\Application Data\Malwarebytes
2009-03-20 19:20 . 2009-03-20 19:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-20 19:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 19:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 07:22 . 2009-03-20 07:22 <REP> d-------- c:\windows\ERUNT
2009-03-20 07:16 . 2009-03-20 08:03 <REP> d-------- C:\SDFix
2009-03-19 21:58 . 2009-03-19 21:59 <REP> d-------- C:\rsit
2009-03-19 19:26 . 2009-03-19 19:26 <REP> d-------- c:\program files\Ad-remover
2009-03-17 22:06 . 2009-03-17 22:06 <REP> d-------- c:\program files\Viguer.net
2009-03-17 21:51 . 2009-03-17 21:52 <REP> d-------- c:\temp\3967G5PK
2009-03-17 21:51 . 2009-03-19 12:37 <REP> d-------- C:\Temp
2009-03-17 18:49 . 2009-03-17 18:49 2,005 --a------ c:\windows\Palm OS Emulator.ini
2009-03-17 18:43 . 2009-03-17 18:43 <REP> d-------- c:\program files\Motorola Inc
2009-03-17 18:43 . 1998-10-07 13:10 327,168 --a------ c:\windows\IsUn0c0c.exe
2009-03-17 18:43 . 2002-04-09 10:53 36,736 --a------ c:\windows\system32\drivers\p2k.sys
2009-03-17 18:40 . 2009-03-17 18:51 <REP> d-------- c:\windows\Drivers
2009-03-17 18:40 . 2009-03-17 18:40 <REP> d-------- c:\program files\SAMSUNG CDMA Modem
2009-03-17 17:30 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-17 17:30 . 2004-10-28 04:30 79,232 -ra------ c:\windows\system32\drivers\Imx5123.sys
2009-03-12 07:18 . 2004-08-10 20:00 71,040 --------- c:\windows\system32\drivers\_004929_.tmp.dll
2009-03-11 21:35 . 2001-11-07 17:06 135,168 --a------ c:\windows\u39v22.exe
2009-03-11 07:35 . 2009-03-21 21:17 <REP> d-------- c:\documents and settings\Bruno\Bureau
2009-03-11 07:32 . 2009-03-11 07:32 <REP> d--h----- c:\windows\msdownld.tmp
2009-03-11 07:25 . 2009-03-08 04:39 11,063,808 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-11 07:25 . 2009-02-06 21:07 3,698,584 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-11 07:25 . 2009-03-08 04:32 1,985,024 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-11 07:25 . 2009-03-08 14:18 1,310,720 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-11 07:25 . 2009-03-08 04:32 594,432 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-11 07:25 . 2009-03-08 04:11 445,952 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-11 07:25 . 2009-03-08 04:31 59,904 --a--c--- c:\windows\system32\dllcache\icardie.dll
2009-03-11 07:25 . 2009-03-08 04:31 55,296 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-11 07:25 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-10 21:41 . 2009-03-10 21:45 <REP> d-------- c:\program files\eToro
2009-03-10 05:53 . 2009-03-16 12:24 1,057,250 --a------ c:\windows\setupapi.log.0.old
2009-03-10 03:45 . 2008-04-14 03:33 8,517,632 --a------ c:\windows\system32\SET202.tmp
2009-03-10 03:12 . 2009-03-20 22:00 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-03-09 22:02 . 2009-03-09 22:02 <REP> d-------- c:\program files\Avira
2009-03-09 22:02 . 2009-03-09 22:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-09 20:29 . 2004-08-10 07:33 73,728 --a--c--- c:\windows\system32\dllcache\ehresja.dll
2009-03-09 20:29 . 2004-08-10 07:32 69,632 --a--c--- c:\windows\system32\dllcache\ehresko.dll
2009-03-09 20:29 . 2004-08-10 07:33 69,632 --a--c--- c:\windows\system32\dllcache\ehresfr.dll
2009-03-09 20:29 . 2004-08-10 07:32 69,632 --a--c--- c:\windows\system32\dllcache\ehresde.dll
2009-03-09 20:27 . 2004-08-10 20:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-09 20:26 . 2004-08-10 20:00 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-03-09 20:25 . 2004-08-10 20:00 364,544 --a------ c:\windows\system32\dllcache\npdsplay.dll
2009-03-09 20:15 . 2009-03-09 20:15 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-09 20:14 . 2004-08-10 20:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-09 20:04 . 2004-08-04 00:54 154,112 --a------ c:\windows\system32\irftp.exe
2009-03-09 20:04 . 2004-08-04 00:54 28,160 --a------ c:\windows\system32\irmon.dll
2009-03-09 20:04 . 2004-08-04 00:54 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-09 19:53 . 2004-08-10 20:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-03-09 19:53 . 2004-08-10 20:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-03-09 19:53 . 2004-08-10 20:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-03-09 19:53 . 2004-08-10 20:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-03-09 19:52 . 2004-08-10 20:00 809,394 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-09 19:52 . 2004-08-10 20:00 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-03-09 19:52 . 2004-08-10 20:00 77,881 --a--c--- c:\windows\system32\dllcache\plus.cat
2009-03-09 19:52 . 2004-08-10 20:00 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT
2009-03-09 19:52 . 2004-08-10 20:00 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT
2009-03-09 19:52 . 2004-08-10 20:00 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT
2009-03-09 19:52 . 2003-07-30 10:48 7,506 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-09 19:03 . 2008-11-04 10:57 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-09 19:03 . 2008-11-04 11:51 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-03-09 19:03 . 2008-11-04 11:08 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-09 19:03 . 2009-03-09 19:04 <REP> d-------- c:\documents and settings\Administrateur
2009-03-09 17:43 . 2009-03-09 22:07 <REP> d--h----- c:\windows\system32\config32
2009-03-09 17:43 . 2009-03-10 05:38 1,156 --ah----- c:\windows\system32\config32\klog.dat
2009-03-08 14:17 . 2009-03-08 14:17 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:17 . 2009-03-08 14:17 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:16 . 2009-03-08 14:16 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:15 . 2009-03-08 14:15 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 07:02 . 2009-03-09 18:48 <REP> d-------- c:\windows\system32\SupportAppXL
2009-03-06 17:03 . 2009-03-19 07:10 <REP> d-------- c:\program files\DNA
2009-03-06 17:03 . 2009-03-06 17:03 <REP> d-------- c:\program files\BitTorrent
2009-03-06 17:03 . 2009-03-19 19:21 <REP> d-------- c:\documents and settings\Bruno\Application Data\DNA
2009-03-06 17:03 . 2009-03-07 15:35 <REP> d-------- c:\documents and settings\Bruno\Application Data\BitTorrent
2009-03-06 03:26 . 2009-02-27 19:19 1,444 --a------ c:\windows\system32\atls66.pdb
2009-02-24 12:02 . 2009-02-24 12:02 <REP> d-------- c:\program files\Power Manager
2009-02-24 12:02 . 2005-09-09 18:56 6,144 --a------ c:\windows\system32\WinIo.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 23:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-20 23:01 --------- d-----w c:\program files\Yahoo!
2009-03-20 23:00 --------- d-----w c:\program files\CCleaner
2009-03-18 20:45 --------- d-----w c:\program files\eMule
2009-03-17 17:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 04:45 --------- d-----w c:\program files\SlySoft
2009-03-10 04:45 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2009-03-10 04:45 --------- d-----w c:\program files\Elaborate Bytes
2009-03-10 04:45 --------- d-----w c:\program files\AVS4YOU
2009-03-09 18:56 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-03-09 18:56 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-03-09 18:56 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-03-09 18:56 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-03-09 18:56 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-03-09 18:56 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-03-09 18:56 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-03-09 18:56 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-02-27 17:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-24 13:56 --------- d-----w c:\program files\Fichiers communs\Adobe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-10-02 151552]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2006-10-09 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 c:\windows\system32\bthprops.cpl]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
c:\documents and settings\Bruno\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\BIN\\w3dbsmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-11-04 217600]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2008-12-14 94208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-06 33752]
S3 Imx5123;Imx5123;c:\windows\system32\drivers\Imx5123.sys [2009-03-17 79232]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{85E2B3F4-4D23-229E-A8FB-6D7A98388F75}]
c:\windows\system32\config32\system.exe s
.
Contenu du dossier 'Tâches planifiées'
2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2009-03-21 c:\windows\Tasks\User_Feed_Synchronization-{6A0577A2-364B-439A-8571-740FF996B562}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; NaviWoo2.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rmc.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 21:28:26
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1645522239-1454471165-725345543-1003\Software\Zepter Software\RegLib*c8233cce\CloneDVDmobile/1]
"1"=dword:491a07be
"2"=dword:491a07be
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Heure de fin: 2009-03-21 21:32:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-21 20:32:27
Avant-CF: 97 498 247 168 octets libres
Après-CF: 97,431,506,944 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
324 --- E O F --- 2009-03-21 05:58:57
ComboFix 09-03-19.02 - Bruno 2009-03-21 21:24:28.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1615 [GMT 1:00]
Lancé depuis: c:\documents and settings\Bruno\Bureau\moi.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\system32\_004946_.tmp.dll
c:\windows\system32\_004947_.tmp.dll
c:\windows\system32\_004948_.tmp.dll
c:\windows\system32\_004956_.tmp.dll
c:\windows\system32\_004957_.tmp.dll
c:\windows\system32\_004958_.tmp.dll
c:\windows\system32\_004959_.tmp.dll
c:\windows\system32\_004960_.tmp.dll
c:\windows\system32\_004961_.tmp.dll
c:\windows\system32\_004962_.tmp.dll
c:\windows\system32\_004963_.tmp.dll
c:\windows\system32\_004964_.tmp.dll
c:\windows\system32\_004965_.tmp.dll
c:\windows\system32\_004966_.tmp.dll
c:\windows\system32\_004967_.tmp.dll
c:\windows\system32\_004968_.tmp.dll
c:\windows\system32\_004969_.tmp.dll
c:\windows\system32\_004970_.tmp.dll
c:\windows\system32\_004972_.tmp.dll
c:\windows\system32\_004975_.tmp.dll
c:\windows\system32\_004976_.tmp.dll
c:\windows\system32\_004980_.tmp.dll
c:\windows\system32\_004981_.tmp.dll
c:\windows\system32\_004982_.tmp.dll
c:\windows\system32\_004983_.tmp.dll
c:\windows\system32\_004984_.tmp.dll
c:\windows\system32\_004985_.tmp.dll
c:\windows\system32\_004986_.tmp.dll
c:\windows\system32\_004988_.tmp.dll
c:\windows\system32\_004989_.tmp.dll
c:\windows\system32\_004990_.tmp.dll
c:\windows\system32\_004991_.tmp.dll
c:\windows\system32\_004992_.tmp.dll
c:\windows\system32\_004993_.tmp.dll
c:\windows\system32\_004994_.tmp.dll
c:\windows\system32\_004995_.tmp.dll
c:\windows\system32\_004996_.tmp.dll
c:\windows\system32\_004997_.tmp.dll
c:\windows\system32\_004998_.tmp.dll
c:\windows\system32\_004999_.tmp.dll
c:\windows\system32\_005000_.tmp.dll
c:\windows\system32\_005002_.tmp.dll
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005004_.tmp.dll
c:\windows\system32\_005006_.tmp.dll
c:\windows\system32\_005007_.tmp.dll
c:\windows\system32\_005008_.tmp.dll
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005010_.tmp.dll
c:\windows\system32\_005011_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005015_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005020_.tmp.dll
c:\windows\system32\_005022_.tmp.dll
c:\windows\system32\_005025_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005028_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005033_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005035_.tmp.dll
c:\windows\system32\_005036_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-21 au 2009-03-21 ))))))))))))))))))))))))))))))))))))
.
2009-03-21 07:12 . 2009-03-21 07:25 <REP> d-------- c:\documents and settings\Bruno\DoctorWeb
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\Bruno\Application Data\SUPERAntiSpyware.com
2009-03-21 00:27 . 2009-03-21 00:27 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 00:00 . 2009-03-21 00:00 <REP> d-------- c:\documents and settings\Bruno\Application Data\Yahoo!
2009-03-20 23:13 . 2009-03-20 23:13 <REP> d-------- C:\_OTMoveIt
2009-03-20 22:56 . 2009-03-20 22:56 <REP> d--hs---- c:\documents and settings\Bruno\IECompatCache
2009-03-20 22:55 . 2009-03-20 22:55 <REP> d--hs---- c:\documents and settings\Bruno\PrivacIE
2009-03-20 22:52 . 2009-03-20 22:52 <REP> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-20 22:50 . 2009-03-20 22:50 <REP> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-20 22:49 . 2009-03-20 22:49 <REP> d--hs---- c:\documents and settings\Bruno\IETldCache
2009-03-20 22:47 . 2009-03-20 22:47 <REP> d-------- c:\windows\ie8updates
2009-03-20 22:44 . 2009-03-20 22:46 <REP> d--h-c--- c:\windows\ie8
2009-03-20 22:42 . 2009-02-28 05:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-20 21:25 . 2009-03-21 01:47 1,374 --a------ c:\windows\imsins.BAK
2009-03-20 21:22 . 2008-07-03 14:15 8,510,976 --a------ c:\windows\system32\dllcache\shell32.dll
2009-03-20 19:20 . 2009-03-20 19:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 19:20 . 2009-03-20 19:20 <REP> d-------- c:\documents and settings\Bruno\Application Data\Malwarebytes
2009-03-20 19:20 . 2009-03-20 19:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-20 19:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 19:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 07:22 . 2009-03-20 07:22 <REP> d-------- c:\windows\ERUNT
2009-03-20 07:16 . 2009-03-20 08:03 <REP> d-------- C:\SDFix
2009-03-19 21:58 . 2009-03-19 21:59 <REP> d-------- C:\rsit
2009-03-19 19:26 . 2009-03-19 19:26 <REP> d-------- c:\program files\Ad-remover
2009-03-17 22:06 . 2009-03-17 22:06 <REP> d-------- c:\program files\Viguer.net
2009-03-17 21:51 . 2009-03-17 21:52 <REP> d-------- c:\temp\3967G5PK
2009-03-17 21:51 . 2009-03-19 12:37 <REP> d-------- C:\Temp
2009-03-17 18:49 . 2009-03-17 18:49 2,005 --a------ c:\windows\Palm OS Emulator.ini
2009-03-17 18:43 . 2009-03-17 18:43 <REP> d-------- c:\program files\Motorola Inc
2009-03-17 18:43 . 1998-10-07 13:10 327,168 --a------ c:\windows\IsUn0c0c.exe
2009-03-17 18:43 . 2002-04-09 10:53 36,736 --a------ c:\windows\system32\drivers\p2k.sys
2009-03-17 18:40 . 2009-03-17 18:51 <REP> d-------- c:\windows\Drivers
2009-03-17 18:40 . 2009-03-17 18:40 <REP> d-------- c:\program files\SAMSUNG CDMA Modem
2009-03-17 17:30 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-17 17:30 . 2004-10-28 04:30 79,232 -ra------ c:\windows\system32\drivers\Imx5123.sys
2009-03-12 07:18 . 2004-08-10 20:00 71,040 --------- c:\windows\system32\drivers\_004929_.tmp.dll
2009-03-11 21:35 . 2001-11-07 17:06 135,168 --a------ c:\windows\u39v22.exe
2009-03-11 07:35 . 2009-03-21 21:17 <REP> d-------- c:\documents and settings\Bruno\Bureau
2009-03-11 07:32 . 2009-03-11 07:32 <REP> d--h----- c:\windows\msdownld.tmp
2009-03-11 07:25 . 2009-03-08 04:39 11,063,808 --a--c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-11 07:25 . 2009-02-06 21:07 3,698,584 --a--c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-11 07:25 . 2009-03-08 04:32 1,985,024 --a--c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-11 07:25 . 2009-03-08 14:18 1,310,720 --a--c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-11 07:25 . 2009-03-08 04:32 594,432 --a--c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-11 07:25 . 2009-03-08 04:11 445,952 --a--c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-11 07:25 . 2009-03-08 04:31 59,904 --a--c--- c:\windows\system32\dllcache\icardie.dll
2009-03-11 07:25 . 2009-03-08 04:31 55,296 --a--c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-11 07:25 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-10 21:41 . 2009-03-10 21:45 <REP> d-------- c:\program files\eToro
2009-03-10 05:53 . 2009-03-16 12:24 1,057,250 --a------ c:\windows\setupapi.log.0.old
2009-03-10 03:45 . 2008-04-14 03:33 8,517,632 --a------ c:\windows\system32\SET202.tmp
2009-03-10 03:12 . 2009-03-20 22:00 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-03-09 22:02 . 2009-03-09 22:02 <REP> d-------- c:\program files\Avira
2009-03-09 22:02 . 2009-03-09 22:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-09 20:29 . 2004-08-10 07:33 73,728 --a--c--- c:\windows\system32\dllcache\ehresja.dll
2009-03-09 20:29 . 2004-08-10 07:32 69,632 --a--c--- c:\windows\system32\dllcache\ehresko.dll
2009-03-09 20:29 . 2004-08-10 07:33 69,632 --a--c--- c:\windows\system32\dllcache\ehresfr.dll
2009-03-09 20:29 . 2004-08-10 07:32 69,632 --a--c--- c:\windows\system32\dllcache\ehresde.dll
2009-03-09 20:27 . 2004-08-10 20:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-03-09 20:26 . 2004-08-10 20:00 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-03-09 20:25 . 2004-08-10 20:00 364,544 --a------ c:\windows\system32\dllcache\npdsplay.dll
2009-03-09 20:15 . 2009-03-09 20:15 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-09 20:14 . 2004-08-10 20:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-03-09 20:14 . 2009-03-09 20:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-09 20:04 . 2004-08-04 00:54 154,112 --a------ c:\windows\system32\irftp.exe
2009-03-09 20:04 . 2004-08-04 00:54 28,160 --a------ c:\windows\system32\irmon.dll
2009-03-09 20:04 . 2004-08-04 00:54 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-09 19:53 . 2004-08-10 20:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-03-09 19:53 . 2004-08-10 20:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-03-09 19:53 . 2004-08-10 20:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-03-09 19:53 . 2004-08-10 20:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-03-09 19:52 . 2004-08-10 20:00 809,394 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-09 19:52 . 2004-08-10 20:00 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-03-09 19:52 . 2004-08-10 20:00 77,881 --a--c--- c:\windows\system32\dllcache\plus.cat
2009-03-09 19:52 . 2004-08-10 20:00 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT
2009-03-09 19:52 . 2004-08-10 20:00 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT
2009-03-09 19:52 . 2004-08-10 20:00 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT
2009-03-09 19:52 . 2003-07-30 10:48 7,506 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-09 19:03 . 2008-11-04 10:57 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-09 19:03 . 2008-11-04 11:51 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-09 19:03 . 2008-11-04 11:51 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-03-09 19:03 . 2008-11-04 11:08 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-09 19:03 . 2009-03-09 19:04 <REP> d-------- c:\documents and settings\Administrateur
2009-03-09 17:43 . 2009-03-09 22:07 <REP> d--h----- c:\windows\system32\config32
2009-03-09 17:43 . 2009-03-10 05:38 1,156 --ah----- c:\windows\system32\config32\klog.dat
2009-03-08 14:17 . 2009-03-08 14:17 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:17 . 2009-03-08 14:17 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:16 . 2009-03-08 14:16 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:15 . 2009-03-08 14:15 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 07:02 . 2009-03-09 18:48 <REP> d-------- c:\windows\system32\SupportAppXL
2009-03-06 17:03 . 2009-03-19 07:10 <REP> d-------- c:\program files\DNA
2009-03-06 17:03 . 2009-03-06 17:03 <REP> d-------- c:\program files\BitTorrent
2009-03-06 17:03 . 2009-03-19 19:21 <REP> d-------- c:\documents and settings\Bruno\Application Data\DNA
2009-03-06 17:03 . 2009-03-07 15:35 <REP> d-------- c:\documents and settings\Bruno\Application Data\BitTorrent
2009-03-06 03:26 . 2009-02-27 19:19 1,444 --a------ c:\windows\system32\atls66.pdb
2009-02-24 12:02 . 2009-02-24 12:02 <REP> d-------- c:\program files\Power Manager
2009-02-24 12:02 . 2005-09-09 18:56 6,144 --a------ c:\windows\system32\WinIo.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 23:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-20 23:01 --------- d-----w c:\program files\Yahoo!
2009-03-20 23:00 --------- d-----w c:\program files\CCleaner
2009-03-18 20:45 --------- d-----w c:\program files\eMule
2009-03-17 17:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-10 04:45 --------- d-----w c:\program files\SlySoft
2009-03-10 04:45 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2009-03-10 04:45 --------- d-----w c:\program files\Elaborate Bytes
2009-03-10 04:45 --------- d-----w c:\program files\AVS4YOU
2009-03-09 18:56 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-03-09 18:56 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-03-09 18:56 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-03-09 18:56 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-03-09 18:56 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-03-09 18:56 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-03-09 18:56 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-03-09 18:56 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-02-27 17:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-24 13:56 --------- d-----w c:\program files\Fichiers communs\Adobe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7585792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-10-02 151552]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2006-10-09 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 c:\windows\system32\bthprops.cpl]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
c:\documents and settings\Bruno\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\BIN\\w3dbsmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-11-04 217600]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2008-12-14 94208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-06 33752]
S3 Imx5123;Imx5123;c:\windows\system32\drivers\Imx5123.sys [2009-03-17 79232]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{85E2B3F4-4D23-229E-A8FB-6D7A98388F75}]
c:\windows\system32\config32\system.exe s
.
Contenu du dossier 'Tâches planifiées'
2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2009-03-21 c:\windows\Tasks\User_Feed_Synchronization-{6A0577A2-364B-439A-8571-740FF996B562}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; NaviWoo2.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rmc.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 21:28:26
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1645522239-1454471165-725345543-1003\Software\Zepter Software\RegLib*c8233cce\CloneDVDmobile/1]
"1"=dword:491a07be
"2"=dword:491a07be
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Heure de fin: 2009-03-21 21:32:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-21 20:32:27
Avant-CF: 97 498 247 168 octets libres
Après-CF: 97,431,506,944 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
324 --- E O F --- 2009-03-21 05:58:57
Anonymous user
21 March 2009 at 23:50
__________________________________________________________________________________________
|=>/!\ WARNING /!\ The following script was written specifically for this computer;<======|
|=>transposing it to another computer is strongly discouraged!<===========================|
------------------------------------------------------------------------------------------
Still with all protections disabled, do the following:
• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy and paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
File::
c:\temp\3967G5PK
c:\windows\u39v22.exe
c:\windows\system32\drivers\_004929_.tmp.dll
c:\windows\IsUn0c0c.exe
c:\windows\setupapi.log.0.old
c:\windows\system32\SET202.tmp
Folder::
c:\program files\eToro
------------------------------------------------------------------
• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad
• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it can be found here: C:\ComboFix.txt
19 March 2009 at 19:41
------- LOGFILE OF AD-REMOVER 1.1.1.9 | ONLY XP/VISTA -------
Updated by C_XX on 18/03/2009 at 21:20 - AdRemover.contact@gmail.com
Start at: 19:27:55, Jeu 19/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: PELLUET-284E21D
Current User: Bruno - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 45
+-----------------| Boonty/Boonty Games Elements Found:
.
.
+-----------------| Eorezo Elements Found:
.
+-----------------| Infected Poker Softwares Elements Found:
HKCU\Software\PartyGaming
.
C:\Program Files\PartyGaming
+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
============ Other Adwares Found ============
.
HKCR\AppID\ShoppingAdsHelper.DLL
HKCR\AppID\{647D5A4E-78B5-53ED-7E75-1940D1DFFEA4}
HKCR\CLSID\{AF56FD81-28A2-0159-4922-1211155898A9}
HKCR\CLSID\{2C86C605-6081-D104-96F7-F765C20B22F1}
HKCR\CLSID\{913E9215-EB81-7E43-76E6-FC26E50E264C}
HKCR\Interface\{2003E25F-91DA-7AC2-239B-A263B7D2441B}
HKCR\Interface\{8DC03F36-EFED-89C0-3C14-469B513E5651}
HKCR\Interface\{B00F1048-6A9F-DAA3-5103-5DCFA3E4719A}
HKCR\ShoppingAdsHelper.BrowserWatcher
HKCR\ShoppingAdsHelper.BrowserWatcher.1
HKCR\ShoppingAdsHelper.PornPro_BHO
HKCR\ShoppingAdsHelper.PornPro_BHO.1
HKCR\ShoppingAdsHelper.PrecacheBrowserHost
HKCR\ShoppingAdsHelper.PrecacheBrowserHost.1
HKCR\TypeLib\{A9FC1C11-B511-D9B9-0E29-01A8D05AE107}
HKCU\Software\Foxicle
HKCU\Software\MediaHoldings
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C86C605-6081-D104-96f7-F765C20b22F1}
HKCU\Software\PlayMP3
HKCU\Software\ShoppingAdsHelper
HKLM\Software\Classes\AppID\ShoppingAdsHelper.DLL
HKLM\Software\Classes\AppID\{647D5A4E-78B5-53ED-7E75-1940D1DFFEA4}
HKLM\Software\Classes\CLSID\{AF56FD81-28A2-0159-4922-1211155898A9}
HKLM\Software\Classes\CLSID\{2C86C605-6081-D104-96F7-F765C20B22F1}
HKLM\Software\Classes\CLSID\{913E9215-EB81-7E43-76E6-FC26E50E264C}
HKLM\Software\Classes\Interface\{2003E25F-91DA-7AC2-239B-A263B7D2441B}
HKLM\Software\Classes\Interface\{8DC03F36-EFED-89C0-3C14-469B513E5651}
HKLM\Software\Classes\Interface\{B00F1048-6A9F-DAA3-5103-5DCFA3E4719A}
HKLM\Software\Classes\ShoppingAdsHelper.BrowserWatcher
HKLM\Software\Classes\ShoppingAdsHelper.BrowserWatcher.1
HKLM\Software\Classes\ShoppingAdsHelper.PornPro_BHO
HKLM\Software\Classes\ShoppingAdsHelper.PornPro_BHO.1
HKLM\Software\Classes\ShoppingAdsHelper.PrecacheBrowserHost
HKLM\Software\Classes\ShoppingAdsHelper.PrecacheBrowserHost.1
HKLM\Software\Classes\TypeLib\{A9FC1C11-B511-D9B9-0E29-01A8D05AE107}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C86C605-6081-D104-96F7-F765C20B22F1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingAdsHelper
.
C:\Program Files\playmp3z
C:\Program Files\ShoppingAdsHelper
C:\Documents and Settings\Bruno\Menudm~1\Progra~1\PlayMP3z
C:\Documents and Settings\Bruno\Cookies\bruno@atdmt[2].txt
+-----------------| Added Scan:
---- Internet Explorer Version 7.0.5730.11 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.01net.com/telecharger/
Search Page: hxxp://www.google.com
Start page: hxxp://www.rmc.fr/
+-[HKEY_USERS\S-1-5-21-1645522239-1454471165-725345543-1003\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.01net.com/telecharger/
Search Page: hxxp://www.google.com
Start page: hxxp://www.rmc.fr/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.01net.com/telecharger/
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.01net.com/telecharger/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
4408 Byte(s) - C:\Ad-Report-Scan-19.03.2009.log
0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 19:33:22 | 19/03/2009
.
+-----------------| E.O.F - 94 Lines
.
22 March 2009 at 11:59
I won't be around this afternoon.
See you this evening.
23 March 2009 at 21:56
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bruno at 2009-03-23 21:53:08
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 93 GB (81%) free of 114 GB
Total RAM: 2047 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:16, on 23/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bruno\Bureau\RSIT.exe
C:\Documents and Settings\Bruno\Bureau\Bruno.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rmc.bfmtv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe